Incorrectly trying to create tempfile in root directory

Bug #1675303 reported by Kees Bakker
This bug affects 1 person
Affects: isc-dhcp (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

At startup the server tries to create a temp file in the root directory. Thanks to apparmor this is denied, but the error is (I think) silently ignored. In /var/log/syslog there is a message like this:

Mar 23 08:39:17 rotte kernel: [7160216.658291] audit: type=1400 audit(1490254757.814:114): apparmor="DENIED" operation="mknod" profile="/usr/sbin/dhcpd" name="/tmp-jwdb31E5jQ" pid=20431 comm="dhcpd" requested_mask="c" denied_mask="c" fsuid=119 ouid=119

Notice name="/tmp-jwdb31E5jQ".

I'm using the DHCP server in combination with LDAP and bind9 in a FreeIPA setup. But other than that I believe there is nothing special about it.

In the DHCP source code I couldn't find any code that creates a tempfile like this, but in bind9 in lib/isc/unix/file.c there is code that fits. Perhaps the DHCP server indirectly uses that code.

Seth Arnold (seth-arnold) wrote :

Is dhcpd running in a chroot? Is the AppArmor profile using 'attach_disconnected'? (I'm guessing perhaps these aren't being created in the real root; these two combined could give the appearance of creating files in the root.)

Thanks

Kees Bakker (keestux) wrote :

No chroot.
No attach_disconnected for the usr.sbin.dhcpd profile.
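
For triage, one way to pick such denials out of a log is to parse the AppArmor audit records and flag denied create requests whose target sits directly under "/". This is an added example, not part of the original report or of the isc-dhcp code; the function names are hypothetical, and every sample record except the first (which carries the fields quoted in the report, with the syslog prefix shortened) is constructed.

```python
import posixpath
import re

# key=value or key="value" pairs as written in a kernel audit record
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_audit(line):
    """Return the fields of one AppArmor audit line as a dict."""
    fields = {}
    for m in PAIR.finditer(line):
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        # Names containing spaces or quotes are logged unquoted and hex-encoded.
        if key == "name" and quoted is None and HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    return fields

def root_level_create_denials(lines):
    """List (profile, operation, name) for denied creates directly under "/"."""
    hits = []
    for line in lines:
        f = parse_audit(line)
        if f.get("apparmor") != "DENIED" or "c" not in f.get("denied_mask", ""):
            continue
        name = f.get("name", "")
        if name not in ("", "/") and posixpath.dirname(name) == "/":
            hits.append((f.get("profile"), f.get("operation"), name))
    return hits

def _rec(op, name_field, mask):
    # Builds one audit record; field layout follows the line in the report.
    return ('kernel: audit: type=1400 audit(1490254757.814:114): '
            f'apparmor="DENIED" operation="{op}" profile="/usr/sbin/dhcpd" '
            f'{name_field} pid=20431 comm="dhcpd" requested_mask="{mask}" '
            f'denied_mask="{mask}" fsuid=119 ouid=119')

SAMPLE = [
    _rec("mknod", 'name="/tmp-jwdb31E5jQ"', "c"),                 # from the report
    _rec("mknod", 'name="/var/lib/dhcp/dhcpd.leases.new"', "c"),  # constructed: not under "/"
    _rec("open", 'name="/tmp-constructed"', "r"),                 # constructed: read, not create
    _rec("mknod", 'name=2F746D70206162', "c"),                    # constructed: hex for "/tmp ab"
]

if __name__ == "__main__":
    for hit in root_level_create_denials(SAMPLE):
        print(hit)
```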
